The IAO/NSO will ensure the sensor’s monitoring application or mechanism retrieves events from the sensor before the queue becomes full.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3179 | NET-IDPS-003 | SV-3179r1_rule | ECAT-2 ECTP-1 | Medium |
| Description |
|---|
| Events on the sensor are typically stored on a large input queue. The queue in the sensor is typically very large and can hold several days of logging events under normal conditions. Nevertheless, the monitoring application must retrieve events from the sensor before the queue becomes full; otherwise the sensor will start overwriting the unread events. |
| STIG | Date |
|---|---|
| IDS/IPS Security Technical Implementation Guide | 2013-10-08 |
Details
| Check Text ( C-21184r1_chk ) |
|---|
| Verify the mechanism controlling the spooling of IDPS data is in place to move the data to the Network Management network. |
| Fix Text (F-19091r1_fix) |
|---|
| Configure the IDPS sensor to spool the IDS data before data overflow occurs. |